Monday, January 20, 2020

Cyber Criminals Were Paid Bitcoin Ransom for Christmas Day Attack on International Airport

Similar Technology to That Used in Six Million Dollar Threat in London
Shipping News Feature

US – WORLDWIDE – Those in the world of logistics are getting used to cyber crime stories, many just praying they will not be personally affected. Whilst the case for paying a ransom to pirates who have kidnapped the innocent crew of a merchant ship and are keeping them in appalling conditions is an easy one to make, when no direct threat to life exists the choice to pay is much tougher to justify.

As details are released of the New Year’s Eve attack on London based foreign exchange company Travelex, it seems the same ransomware was used in a successful crime against New York’s Albany International Airport a week earlier. The ransomware, called Sodinokibi and also known as Sodin and REvil, hit Albany’s maintenance servers and from there spread to the rest of the computer network.

The airport said that customers’ personal information was not accessed but that Microsoft files and backup storage systems were infected. The airport paid the ransom, reportedly ‘less than six figures’ in bitcoin, on December 30. Normal airport operations, around fifty flights per day at Albany, were at no time interrupted; one fears, however, that the threat of such disruption may well have been what brought about the payment.

As we pointed out in a recent article, anyone relying on computer systems these days needs to have in place a suitable insurance policy against this type of activity. It seems Albany County, which owns the airport, has such a policy and will be claiming the payment back, although the servers first infected were managed by a specialist New York based company, Logical Net.

A spokesman for Logical Net said that, whilst the attack was against his firm, the airport bears responsibility as its backup servers were installed prior to the contract with the managers, and other Logical Net customers had systems robust enough to nullify attacks from the same source. It seems the two companies have now ceased working together.

The problem for any victim in this type of crime is that there is no honour amongst thieves. Criminals who steal such data cannot be trusted not to act on their threat, regardless of whether the ransom is paid, and they may of course also sell on the information they have taken. Even with this latest ransomware, details of stolen data have already apparently been released on a Russian underground site after the owners of a New Jersey headquartered firm refused to pay.

When this happens the criminals usually ‘drip feed’ the data, putting pressure on the victims to pay and evidencing the success of their attack. Experts agree the latest ransomware is the product of a gang with a history in this field, whose architects had said they were retiring after netting millions of dollars; it belongs to the same criminal industry that produced earlier outbreaks such as NotPetya and WannaCry. Some researchers say the group, tracked as Gold Southfield, which originally operated under the GandCrab name, now sells or leases out its product to affiliates, hence the variety of names attached to similar malware.

The message is simple: get the best malware detection and removal tools you can, and insure against the worst case scenario to maintain stability in your business.

Photo: Albany International Airport.